|XFCE running shell scripts||Friday 22nd July 2016|
I'm not sure when it happened, but at some point I stopped being able to run an application I use in XFCE which is launched via a shell script.|
The obvious solution is to make sure that +x permission has been granted to the file - but no joy.
The answer is to run this under your user account:
xfconf-query --channel thunar --property /misc-exec-shell-scripts-by-default --type bool --set true --create
|SQL Server connection encryption||Wednesday 20th July 2016|
I have just been looking at connection encryption for SQL server - the default install of SQL doesn't require any encryption of data between the client and the server. Given the relatively cheap cost of processing power it seems like a good thing to explore where feasible.|
The MSDN documentation on SQL connection encryption is very light-weight and it's worth noting a few gotchas in setting this up.
Obviously you'll need an internal CA setup. This is a role easily added to a DC. The simplest way to create a certificate you can use is to use IIS to generate a certificate request. It [i]must[/i] be a FQDN (e.g. myserver.mydomain) You can then upload this request to your certificate authorities web site (http://[server]/certsrv) - but if you're using IE, you have to run it in Administrative Mode to be able to access the "Web Server" template type. Simpler to use Firefox and just upload the text of your certificate request.
The certificate you download from the CA doesn't have a key, that's stored in IIS. So complete the request in IIS and you'll have a certificate and private key stored in your local computer's "personal" store. You need to grant access to the SQL Server service account for this to work. By default this is "NT Service/MSSQLSERVER" - it only needs read access.
In the Sql Server Configuration Manager you should now be able to select a certificate from the drop down list and enable forced encryption. A restart of the service enables this.
|pfSense upgrade recovery||Tuesday 19th July 2016|
I recently upgraded a pfSense 2.2.x firewall to a 2.3.x version. I've done upgrades numerous times and they always go well. This time, it didn't.|
I use the automatic upgrader, and duly click the backup tick box before setting the upgrade off. After a while of no Internet access I checked the console to find a dead firewall:
can't find 'kernel'
Oh dear. A reboot didn't resolve it. Not to worry, I clicked backup. Just if I could work out what it did with said backup. Simple enough, the backup is a .tgz archive stored in the /root directory. Simple - apart from my device won't boot.
My action plan was to recover the backup, reinstall from scratch and overwrite the config with the one from the backup.
pfSense is based on FreeBSD, which is Unix in all but its name. Unix is fairly similar to Linux, but sufficiently different to cause headaches and confusion when trying to recover something. Most difficult of all is the Unix File System (ufs) file format. It's not straight foward to mount in Linux, so my attempts to recover the file after mounting the disk in Linux came to a swift end.
In the end, I used a FAT16 formatted drive and attached it to the firewall to act as a temporary store.
You can use the pfSense install media to boot and have the option of going into Recovery mode. Unfortunately it just gives you a console and no other information. A bit of fumbling around I issued the following commands to mount the existing disk as well as my temporary one:
mount /dev/da0s1a /mnt
mount /dev/da1s1 /media
Then copied the backup file to my temporary disk and shutdown the firewall:
cp /mnt/root/*.tgz /media
I attached my temporary disk to another computer and extracted the /cf/conf/config.xml file and uploaded this to a clean pfSense install through the Diagnostics > Backup & Restore menu.
The moral of the story is backup your config, or snapshot your virtual machine before doing an upgrade.